I have one question - once the admin had realised their cookie had been compromised they could use a sign out link - eg: http://Host/DatabaseDirectory/DatabaseFileName?Logout
shouldn't this be enough to end the session on the server and make the DomAuthSessId invalid?
I have one question - once the admin had realised their cookie had been compromised they could use a sign out link - eg: http://Host/DatabaseDirectory/DatabaseFileName?Logout
shouldn't this be enough to end the session on the server and make the DomAuthSessId invalid?